Agilent ChemStation Security Pack for AD, GC, LC, CE, LC-MSD, and CE-MSD. User s Guide

Transcription

1 Agilent ChemStation Security Pack for AD, GC, LC, CE, LC-MSD, and CE-MSD User s Guide A

2 Notices Agilent Technologies, Inc No part of this manual may be reproduced in any form or by any means (including electronic storage and retrieval or translation into a foreign language) without prior agreement and written consent from Agilent Technologies, Inc. as governed by United States and international copyright laws. Manual Part Number G Edition 03/04 Printed in Germany Agilent Technologies Hewlett-Packard-Strasse Waldbronn, Germany Software Revision This guide is valid for revision B of the Agilent ChemStation Security Pack for AD, GC, LC, CE, LC-MSD, and CE-MSD software, where x refers to minor revisions of the software that do not affect the technical accuracy of this guide. Warranty The material contained in this document is provided as is, and is subject to being changed, without notice, in future editions. Further, to the maximum extent permitted by applicable law, Agilent disclaims all warranties, either express or implied, with regard to this manual and any information contained herein, including but not limited to the implied warranties of merchantability and fitness for a particular purpose. Agilent shall not be liable for errors or for incidental or consequential damages in connection with the furnishing, use, or performance of this document or of any information contained herein. Should Agilent and the user have a separate written agreement with warranty terms covering the material in this document that conflict with these terms, the warranty terms in the separate agreement shall control. Technology Licenses The hardware and/or software described in this document are furnished under a license and may be used or copied only in accordance with the terms of such license. Restricted Rights Legend If software is for use in the performance of a U.S. Government prime contract or subcontract, Software is delivered and licensed as Commercial computer software as defined in DFAR (June 1995), or as a commercial item as defined in FAR 2.101(a) or as Restricted computer software as defined in FAR (June 1987) or any equivalent agency regulation or contract clause. Use, duplication or disclosure of Software is subject to Agilent Technologies standard commercial license terms, and non-dod Departments and Agencies of the U.S. Government will receive no greater than Restricted Rights as defined in FAR (c)(1-2) (June 1987). U.S. Government users will receive no greater than Limited Rights as defined in FAR (June 1987) or DFAR (b)(2) (November 1995), as applicable in any technical data. Safety Notices CAUTION A CAUTION notice denotes a hazard. It calls attention to an operating procedure, practice, or the like that, if not correctly performed or adhered to, could result in damage to the product or loss of important data. Do not proceed beyond a CAUTION notice until the indicated conditions are fully understood and met. WARNING A WARNING notice denotes a hazard. It calls attention to an operating procedure, practice, or the like that, if not correctly performed or adhered to, could result in personal injury or death. Do not proceed beyond a WARNING notice until the indicated conditions are fully understood and met. 2 ChemStation Security Pack User s Guide

3 In This Guide This book describes the Agilent ChemStation Security Pack for AD, GC, LC, CE, LC-MSD, and CE-MSD techniques. The Security Pack is an add-on module for the Agilent ChemStation and helps you meet the requirements of the U.S. Food and Drug Administration s (FDA) ruling on electronic records and signatures, CFR 21 Part Introduction The first chapter provides an overview of Security Pack and 21 CFR Part 11 FDA s final rule for electronic records and electronic signatures. 2 Prerequisites, Configuration, and Installation This chapter shows you how to setup the Security Pack in ChemStation. 3 A Brief Tour Refer to this chapter for getting an introduction to the main concepts behind Security Pack. 4 Access Level and Batch Review Interface Changes This chapter includes a description of the changes that have been made in operator mode and batch review mode. 5 Data Reanalysis Use this chapter as a guidance for reanalyzing your data. 6 Administrator Tasks and Reference This chapter provides an overview of administrative tasks. ChemStation Security Pack User s Guide 3

4 4 ChemStation Security Pack User s Guide

5 Contents 1 Introduction 9 Introducing Security Pack CFR Part CFR Part 11 Requirements 12 General Aspects of Data Security in Computerized Networks Open Versus Closed Systems 12 2 Prerequisites, Configuration, and Installation 15 Prerequisites 16 PC Hardware 16 Operating System 16 Windows 2000 and XP User Management 17 Minimum Requirements for Windows 2000 and XP User Administration 17 Group Policies in Windows 2000 and XP 18 User Profiles 19 Installation Procedure 20 Preparation 20 Security Pack Installation 20 Post Installation 21 Adding a ChemStation Instrument 24 Removing Security Pack 24 3 A Brief Tour 25 Mandatory Logon, User Management and Lock-out 26 Storage of Data 31 Data Transfer from ChemStation 34 ChemStation Security Pack User s Guide 5

6 Contents During Data Acquisition 34 During Data Reprocessing 34 ChemStation Data Analysis View 35 ChemStation Batch Review 37 Overview of Data Transfer from ChemStation to ChemStore C/S Database 41 Retrieval of Raw and Meta Data in ChemStation Batch Review 43 Audit Trails 44 Automated Data Versioning 47 4 Access Level and Batch Review Interface Changes 51 Changes to ChemStation Operator Level 52 Changes to Batch Mode 54 5 Data Reanalysis 57 Transferring Data from ChemStore to Batch Review of ChemStation 58 Setting up a Batch 58 Loading a Batch 60 Transferring Data to ChemStation from the Run Information Interface of ChemStore 63 Reloading a run 63 Reloading a Sequence 65 Integration 67 Integrating a Signal Automatically 67 Integrating a Signal Manually 69 Recalibration 70 6 Administrator Tasks and Reference 71 Introduction 72 Tasks requiring a ChemStore C/S permission 74 Creating a new user 74 6 ChemStation Security Pack User s Guide

7 Contents Modifying an Existing User Profile 77 Tasks for operating systems administrators 78 Configuration of the DB Size Security Service 78 Assigning a Database Connection 79 Creating New Databases in the Standalone Version 81 Database Backup in the Standalone Version 83 Event Log File Backup 84 Setting Up Notification 84 Troubleshooting Spooler Problems 85 Security Settings 87 Index 89 ChemStation Security Pack User s Guide 7

8 Contents 8 ChemStation Security Pack User s Guide

9 Agilent ChemStation Security Pack for AD, GC, LC, CE, LC-MSD, and CE-MSD User s Guide 1 Introduction Introducing Security Pack CFR Part Agilent Technologies 9

10 1 Introduction Introducing Security Pack Introducing Security Pack Security Pack revision B is built upon the ChemStation A or higher. It is an add-on module to the Agilent ChemStation for GC, LC, CE, LC-MSD, CE-MSD and A/D targeted to support the compliance requirements for 21 CFR Part 11. Security Pack provides changes to the ChemStation result management. It provides logon and locking procedures for each individual application. It offers a fully automated result and meta data versioning each time a new result is calculated and displayed, the Security Pack stores this result with a new version number in the database. It protects data directory with NTFS permission rights. Security Pack changes the operator privileges of the ChemStation operator user level and adds the ChemStore C/S relational database for result management and data storage. The changes on the ChemStation are discussed and explained in this manual; for a description of the ChemStore C/S product, please refer to the Agilent ChemStore C/S Concepts Guide. 10 ChemStation Security Pack User s Guide

11 Introduction 1 21 CFR Part CFR Part 11 Effective August 20, 1997, the U.S. Food and Drug Administration (FDA) released and published a new rule to enable pharmaceutical companies to approve their results with electronic signatures and to transfer paper-trail documentation into electronic records. This rule is known as 21 Code of Federal Regulations Part 11 (referred to as 21 CFR Part 11) and applies to all industry segments regulated by the FDA. The impact of this rule on current work practices and data handling in the pharmaceutical industry has been much higher than expected. The industry wanted to have a rule on electronic signatures, but what they got was a rule on electronic records. (Martin Browning, former FDA inspector, during a validation seminar in Washington D.C.) 21 CFR Part 11 places high emphasis on the implementation of all measures to protect and secure electronic records. Besides all uncertainties and changes that 21 CFR Part 11 requires in the behavior of both the pharmaceutical industry and the vendors of chemical analysis equipment, it is well worth implementing in today s laboratories because it can help the industry with one of the most important issues in pharmaceutical research bringing new drugs faster to market. The major benefits of this shift towards electronic data management are in the potential productivity increase for the industry. The industry can decrease its data output on paper, speed up the data review and approval process, and benefit from new automation technology based on computerized system control, for example, in manufacturing or dissolution drug release testing. In addition to this rule on electronic records, other general requirements for computerized systems are brought to the auditor s attention. These rules cover the basic requirements of validation which are limiting data access and ensuring data integrity and data traceability. It is, of course, the industry that has to make sure that its work practices support the FDA rules, but most of the requirements also affect the chemical analysis systems and suppliers of these systems. ChemStation Security Pack User s Guide 11

12 1 Introduction 21 CFR Part 11 This manual outlines how a chromatographic data handling system can help the industry to comply with the FDA rules. Security Pack meets the demands on data security, data integrity, and audit-trail using either a standalone Microsoft Access database or a server-based Oracle database. 21 CFR Part 11 Requirements To fulfill the FDA rules and guidelines for compliant electronic records and computerized systems, it is important to understand the basic aspects of secure data handling. Data security physical protection of data by limiting access to the system and preventing unauthorized access. Data integrity protecting raw and meta data and preventing these from unauthorized modification, and linking raw data and results to reproduce the original results at any time, for example, in an audit situation and document each new result copy. Audit traceability documenting who did what to the results an when, and tracing the user adding new reanalyzed versions to the original raw data. General Aspects of Data Security in Computerized Networks Open Versus Closed Systems Before discussing details of data security in a chromatographic system, some general aspects of data security in a computerized network need to be considered. It is generally known that data transfer over a public network can be accessed by unauthorized external persons, hackers, who gain access either for personal amusement or intentional fraud. If an electronic identification comprising user ID and a password is used to approve confidential or important data, users must be sure that their signatures are unbreakably linked to the data and that nobody can copy this signature or get access to the passwords. In a public system, this would require additional encryption technology, for example, a private/public key 12 ChemStation Security Pack User s Guide

13 Introduction 1 21 CFR Part 11 combination of data encryption. In contrast, if a computerized system is protected from unauthorized access, users can be sure that their signatures are private and are not accessible to unauthorized individuals. The FDA also distinguishes between these two scenarios and defines them as open and closed systems. A public network system can therefore only be viewed as an open system and a protected network as a closed system, if it fulfills additional requirements. The Security Pack is designed for and supported in a closed system only. In FDA terms, closed system means an environment in which access is controlled by persons who are responsible for the content of electronic records on the system (11.3.5). The evidence of a system being a closed system is not a one-time check but an ongoing process of executing and documenting the system controls that make sure that the system is closed. In contrast, in an open system, those persons being responsible for the content of electronic records do not control the system access. As a result, open systems require additional encryption technology for all data transfer over the network. ChemStation Security Pack User s Guide 13

14 1 Introduction 21 CFR Part ChemStation Security Pack User s Guide

15 Agilent ChemStation Security Pack for AD, GC, LC, CE, LC-MSD, and CE-MSD User s Guide 2 Prerequisites, Configuration, and Installation Prerequisites 16 Installation Procedure 20 Agilent Technologies 15

16 2 Prerequisites, Configuration, and Installation Prerequisites Prerequisites PC Hardware The Security Pack does not require a large amount of resources from the computer, the minimum requirements for the PC are the same as for ChemStore C/S. Refer to the ChemStore C/S Installation Guide for details about minimum hardware requirements. Operating System Security Pack requires Windows with service pack 4 or Windows XP with service pack 1a or higher and the Internet Explorer 5.5 or higher. Additionally, the hard drive won which the ChemStation Plus system is installed must use the NTFS format. Format the hard drive prior to the installation of the Security Pack. NOTE The Windows 2000/XP directory service, also called Active Directory (AD) is not supported with the Security Pack revision B Client Configuration The following section will discuss how Security Pack ties into the Windows 2000 and XP security tools and how the default setup configures the security settings under Windows 2000 and XP. For further information on the administration of both, the Windows 2000 and XP permissions and the database, please refer to Chapter 6, Administrator Tasks and Reference, starting on page 71. Security Pack utilizes the Windows group security concept to add full compliance with 21 CFR Part 11 to ChemStation Plus. The section Windows 2000 and XP User Management on page 17 briefly outlines this concept and section Minimum Requirements for Windows 2000 and XP User Administration on page 17 explains an easy configuration that is fully sufficient for a standalone system. 16 ChemStation Security Pack User s Guide

17 Prerequisites, Configuration, and Installation 2 Prerequisites However Agilent recommends to customize the Windows security configuration according to the needs in the laboratory. Sections Minimum Requirements for Windows 2000 and XP User Administration on page 17 and Group Policies in Windows 2000 and XP on page 18 briefly outline how these features built into the Microsoft Windows operating system can be used to make ChemStation Plus easier to use. Windows 2000 and XP User Management The core part of the Windows user management in standalone usage is the group concept. Each Windows user is a member of a group. These groups then are assigned certain permissions, like logging on to a computer, installing software, access to certain files, etc. Each user has its own profile, where the layout of their desktop, the applications they see in the start menu, and other things are stored. System policies can be used to further customize the security settings. Using system policies usually requires a Windows 2000 domain, where the policies will be maintained centrally. Minimum Requirements for Windows 2000 and XP User Administration As the user identification required by 21 CFR Part 11 for electronic records is done by the ChemStation plus Security Pack, the Windows user management can be simplified. It is sufficient to divide users in two groups: Operators, that normally use the ChemStation plus system and do not need to change database connections or do backups. Administrators, that do database backups and change database connections. ChemStation Security Pack User s Guide 17

18 2 Prerequisites, Configuration, and Installation Prerequisites One user configuration example would use only one generic Windows user log-on for all users sharing one computer. Security Pack manages the system security and the user identification. This generic user only needs to be a member of the Windows user group Users. This user must not be a member of the Windows user group Power Users or Administrators. NOTE When using Windows systems that are not purchased from Agilent, it is necessary to grant specific permissions on operating system folders used by the application. The configuration should be done according to the document Windows XP Professional Configuration for Agilent ChemStation A or higher (P/N G ). An electronic version of this documented is located on your ChemStation installation CD. For the administrators, we recommend personalized Windows user accounts, to track their actions. All users with this job description must be a member of either the Windows user group Power Users or Administrators. Chapter 6, Administrator Tasks and Reference, starting on page 71 provides further details on the security settings chosen to prevent unauthorized deletion of data. NOTE If your Windows 2000 networked environment is structured in domains, each domain user group must be explicitly listed as a member of the local user group for Security Pack to work properly. The domain user group must not be member of the Power Users group. Group Policies in Windows 2000 and XP Windows 2000 and XP include numerous commands and settings that control and manage the entire computer system. One example is the control panel that allows for installation and removal of applications, changes of the PC clock and so on. An unauthorized modification of the Windows system settings usually causes general problems of operating the PC, but some settings just modify your electronic records like changing the local PC clock time. Security Pack is designed to be fully secure even in a system that offers system setting access to standard users. However, in order to minimize the operators access to the system control, we recommend to restrict access to certain important commands and programs from the Windows system control to users with administrative rights. The best 18 ChemStation Security Pack User s Guide

19 Prerequisites, Configuration, and Installation 2 Prerequisites way of implementing the restricted access in a Windows 2000 or XP networked data system are Windows group policies. Please refer to the Microsoft Operating System user documentation and online help for details. Group policies can be used to further secure and simplify system usage. They allow a customizing of the desktop of each user and restrict access to important programs and commands for the system and control. Group policies usually operate in an entire domain and are setup by the domain controller or domain administrator. Contact your local IT organization for implementing these features, as they should fit in the overall security strategy of your laboratory. For use with Security Pack, we recommend the following limitations for the operators: Remove Run command from Start menu Disable Registry editing tools Disable Task Manager Disable Change Password (if generic logon for users is used) Members of the local Power Users and Administrators group should have the same restrictions, except the permission to change their own Window password. The other system control functionality is not required for the administrative tasks of the Security Pack either. User Profiles To ensure that all users always have the same desktop and the same start menu on all computers, a mandatory user profile can be used. These profiles are stored on a central server and cannot be changed by the individual users. We recommend to remove all applications except the ChemStation Plus applications from the start menu as well as all icons from the desktop for the users that are operators. Depending on the SOP used for back-up and archival the users that perform the administrative tasks need access to Windows Explorer and/or the Windows backup application. ChemStation Security Pack User s Guide 19

20 2 Prerequisites, Configuration, and Installation Installation Procedure Installation Procedure To ensure a successful installation of the Security Pack, please follow this procedure step by step. Preparation 1 Ensure that your PC meets the minimum requirements as outlined in the Agilent ChemStore C/S Installation Guide. 2 Ensure that your operating system is Windows 2000 with service pack 4 or Windows XP with service pack 1a. 3 Ensure that the partition where Security Pack will be installed is in NTFS format. 4 If not already done, install the ChemStation from the ChemStation Plus CD-ROM. Details on the ChemStation installation can be found in the respective ChemStation installation guide. 5 If not already done, install ChemStore C/S from the ChemStore/Security Pack/ChemAccess CD-ROM. Details on the ChemStore C/S installation can be found in the respective ChemStore C/S installation guide. 6 Reboot your PC after ChemStore installation. Security Pack Installation 1 Browse the ChemStore/Security Pack/ChemAccess CD-ROM for the G2183 folder. 2 Select to start G2183\setup.exe. 20 ChemStation Security Pack User s Guide

21 Prerequisites, Configuration, and Installation 2 Installation Procedure Post Installation 1 Turn on Windows Object Access Auditing to audit the access to the local hpchem\chemstor\database directory. See also chapter Security Settings on page 87. On stand-alone systems, this can be done by Local Security Policies, located under Administrative Tools of the Control Panel. Navigate to the console tree Audit Policy. Change the settings according to Figure 1 and verify that the settings are effective after re-logging on to the operating system. In a Windows 2000 networked environment, this should be done on a domain level. Figure 1 Audit Policy Settings 2 Change the Security log settings to prevent deletion of events. Open Administrative Tools from Start > Settings > Control Panel. 3 Open Computer Management and expand the event view, then right-click on security > properties. Select Do Not Overwrite Events (Clear Log Manually) as in Figure 2 on page 22. ChemStation Security Pack User s Guide 21

22 2 Prerequisites, Configuration, and Installation Installation Procedure Figure 2 Event Log Settings 4 If applicable create a new database as outlined in section Creating New Databases in the Standalone Version on page Configure a database connection for the users, as outlined in section Assigning a Database Connection on page The passwords for the default users should not be changed until the system is fully operational and productive. Agilent recommends to assign users with the tasks related to the default users. Once these users are established the default user accounts should be disabled. 22 ChemStation Security Pack User s Guide

23 Prerequisites, Configuration, and Installation 2 Installation Procedure Table 1 Default Users and Functions User Name Password Function Admin admin System administrator, has all permissions Manager manager Lab supervisor, can not compact a DB and administer users Chemist chemist Data reviewer, can not administer users and create studies Operator operator Sample operator, can only create batches of assigned data Support support Support logon, has all permissions NOTE Please ensure that always at least two users with the permission Administer users are configured in your database. Due to the strict account lockout policy it might happen that a single account might be locked out and the database can no longer be administered. 7 A successful installation of the Security Pack is documented in the ChemStation menu Help under About ChemStore C/S. This screen will display both the ChemStore revision and the Security Pack revision number. Figure 3 ChemStore revision and the Security Pack revision number ChemStation Security Pack User s Guide 23

24 2 Prerequisites, Configuration, and Installation Installation Procedure Adding a ChemStation Instrument If you decide later to add another ChemStation instrument to your Security Pack installation, it is mandatory to run the Security Pack installation again after the installation of the ChemStation instrument. This will ensure that the data from the second instrument is also fully protected. To do this, perform step 1 and step 2 from the Installation Procedure on page 20. Now the directories of the new ChemStation instrument are protected as outlined in the section Security Settings on page 87. Removing Security Pack If you want to remove the Security Pack from your computer, you need to uninstall ChemStore C/S from your computer. This will also remove the Security Pack. Removal of the software requires a user that is a member of the Windows user group Administrators. Only these users can completely remove all directories created by ChemStore C/S and protected by the ChemStation Plus Security Pack. Refer to the Agilent ChemStore C/S Installation Guide for details on how to remove ChemStore C/S from your computer. 24 ChemStation Security Pack User s Guide

25 Agilent ChemStation Security Pack for AD, GC, LC, CE, LC-MSD, and CE-MSD User s Guide 3 A Brief Tour Mandatory Logon, User Management and Lock-out 26 Storage of Data 31 Data Transfer from ChemStation 34 Retrieval of Raw and Meta Data in ChemStation Batch Review 43 Audit Trails 44 Automated Data Versioning 47 Agilent Technologies 25

26 3 A Brief Tour Mandatory Logon, User Management and Lock-out Mandatory Logon, User Management and Lock-out Security Pack allows only authorized users to start the application. The user management is a user privilege arranged in the ChemStore C/S database. It should be performed only by administration managers. To prevent unauthorized access to the database or unauthorized use of the database, each ChemStation Plus user is given an access password and a set of permissions, defining which facilities are available for that user (see Agilent ChemStore C/S Concepts Guide, Setting Up and Managing Users, page 99). To prevent unauthorized access of data within a different section of the same database, Security Pack allows to restrict data access of data subsets in one database. Access is restricted on a study level where the study is an organizational element in the database that can be set and managed by Security Pack administrators from within the database. One of the most important requirements for limited system access is that only the individual users know their passwords and even the system administrator can only manage the users and the user IDs but not the passwords. The implementation in the software therefore is a two-step approach. First, the database administrator sets up user identifications and appropriate permission rights for the individual users. Second, when the users first log on to the application, a log-on screen prompts for specification of the individual password. This two step approach ensures that only the individual users knows their passwords. If the password is lost or forgotten, the database administrator can clear the user s password and make the user re-run password specification and log-on script. Figure 4 Prompt for specification of individual password 26 ChemStation Security Pack User s Guide

27 A Brief Tour 3 Mandatory Logon, User Management and Lock-out After clicking OK, the Change User Password dialog box is automatically opened. Figure 5 Change User Password Dialog Box To apply the company s individual password policy for minimum password length, expiry date, password uniqueness and account lock-out, set the appropriate parameters in the ChemStore C/S application. Figure 6 Password Settings Dialog Box ChemStation Security Pack User s Guide 27

28 3 A Brief Tour Mandatory Logon, User Management and Lock-out Following the FDA regulations, both the ChemStation and ChemStore C/S can be locked while they are running. The lock-out may be private, when either the current user s password or an administrator s password must be supplied to unlock the session, or non-private, when any valid user ID/password combination is sufficient to unlock the session. All manual session locks allow ongoing monitoring of the ChemStation Plus applications in case, for example, a sequence is running. The locking is also individual for each instrument session thus allowing to operate more than one instrument version from one PC. To lock a session privately, select in the ChemStation View > Lock ChemStation > privately or in ChemStore C/S Administration > Lock Session > privately. The Privately locked by user dialog box which is now displayed has no Cancel button. The session can only be unlocked by entering a valid user name and password. Figure 7 Privately locked by user Dialog Box To lock a session non-privately, select in the ChemStation View > Lock ChemStation > non-privately or in ChemStore C/S Administration > Lock Session > non-privately. The Locked by user dialog box which is now displayed has no Cancel button. The session can only be unlocked by entering a valid user name and password. Each unsuccessful attempt to unlock (privately and non-privately) the session is noted in the ChemStore database logbook as "failed to logon" with the ChemStation client and the PC host name (e.g. instrument 1) as identifier. 28 ChemStation Security Pack User s Guide

29 A Brief Tour 3 Mandatory Logon, User Management and Lock-out Figure 8 Locked by user Dialog Box According to 21 CFR Part 11, an automatic inactivity lock-out is available as an additional security feature. It allows users with the appropriate privilege "Administer users" to set a time after which the session is locked, and can be unlocked only by supplying a valid password. The inactivity time-out is controlled from the ChemStore database. If it is enabled in the ChemStore review client, all ChemStation sessions will be under control of this timeout setting. In case of a client/server installation of ChemStore, all connected ChemStation Plus clients in the network will have the same setting for the inactivity timeout. This inactivity setting can only be modified from the ChemStore review client from users with administrative privileges. It can not be modified by any system operator on a local data acquisition PC or data review PC without the appropriate ChemStore privileges. The passwords that are valid depend on whether the session has been locked privately or non-privately. In contrast to the manual locks, the automated lock minimizes the locked ChemStation session window to prevent undesired interruption of the work with the foreground application. ChemStation Security Pack User s Guide 29

30 3 A Brief Tour Mandatory Logon, User Management and Lock-out Figure 9 Time-based session lock settings NOTE The default setting is Wait 10 min. 30 ChemStation Security Pack User s Guide

31 A Brief Tour 3 Storage of Data Storage of Data The application is designed to store all data in the ChemStore C/S database. Within the database, runs can be logically grouped for any desired purpose. Such a group of runs is referred to as a study. A user with the requisite permissions may create as many studies as desired, but each study must be identified with a unique name. During study creation, study access is also configured. Only users who can access (they are assigned to studies ) a study can get access to the study data or transfer data into this study. The assignment of studies to users is an additional security measure to restrict data access within the database to those individuals that own the data. Following the rule of part 11 on the requirements of closed systems the "assign studies to users" privilege is thus an additional tool to ensure closed subsystems within the closed system of global database. This is particularly important in cases where different laboratories or even different departments store their data in one ChemStation Plus result database. By assigning parts of the database (studies!) to the different user groups the database administrator ensures that data is only accessible to the data owners and that is invisible to database users who do not own these data (i.e. from different departments who use the same database for their results as well). For more details on the assign studies to users functionality, please refer to ChemStore Concepts guide section "Setting up organizational information - assigning studies to users. When results are transferred from the ChemStation to ChemStore C/S, the individual runs (or group of runs) are assigned to a study; these runs, together with any previous runs assigned to the same study, are then available as a logical unit. The Security Pack is designed to store all data that the FDA defines as mandatory for data integrity: the chromatographic raw data the full content of the d.files the meta data containing the information and algorithm to turn the raw data into meaningful results methods and sequences ChemStation Security Pack User s Guide 31

32 3 A Brief Tour Storage of Data the results as calculated in the ChemStation registers and selected in the report type additional data acquisition parameters like method, sequence, instrument logbooks, instrument serial numbers, and column parameters To create a study, select in ChemStore C/S Administration > Create Study > Store in Addition and follow the default setup to ensure that your study stores all data. Figure 10 Create Study Store in Addition to Result For further information on the study management, see Agilent ChemStore C/S Concepts Guide, Setting Up Organizational Information. The database also links raw data with the corresponding meta data. It documents the result version along with the individual method version that was used to calculate the specified result. The meta data can be easily restored from one central Run information screen. To display the Run information screen, select in ChemStore C/S. 32 ChemStation Security Pack User s Guide

33 A Brief Tour 3 Storage of Data Figure 11 Run Information Screen NOTE The Run information screen is only available in the ChemStore C/S sample tab view. ChemStation Security Pack User s Guide 33

34 3 A Brief Tour Data Transfer from ChemStation Data Transfer from ChemStation During Data Acquisition Before starting a single run or a sequence for data acquisition, the user has to setup the ChemStore C/S organizational information that defines the sample storage location in the database and, if configured, the values for the custom fields. For details on the setup of the ChemStore organizational information, please refer to the Agilent ChemStore C/S Concepts Guide, Chapter 2, ChemStore Concepts, organizing results. The data transfer settings are set to transfer after each analysis. This configuration of the data transfer is user-independent and can not be changed. As soon as the data analysis part of the method is finished and the results are calculated, the data is transferred to the database with the ChemStore C/S ODBC data spooler. In case of an "Acquisition-only" run, the data is transferred when the acquisition is completed. During Data Reprocessing A typical data analysis cycle consists of at least two steps: 1 Initial data analysis as part of the method execution right after data acquisition. 2 A review of the results that were created as part of the data acquisition. For acquisition-only runs only: Separate result calculation is executed at a later point in time as a user-configured batch in the ChemStation batch review window. The automated data transfer during data acquisition is described in the above section. The data transfer during the data review process is also managed by the application. As soon as one or more result values are changed or a new result is created, the Security Pack application transfers all runs with new results automatically to the ChemStore C/S database. The application automatically detects updated or new results by comparing the last actual value with the new value. Each result comparison is denoted in a text file 34 ChemStation Security Pack User s Guide

35 A Brief Tour 3 Data Transfer from ChemStation named Sec_Trac.txt. This file is stored along with the raw data files in the raw data *.d subdirectory. The data comparison is initialized by any activity creating a new result like: first pass result calculation after initial acquisition printing a report applying a data analysis method to a data file integrating a chromatogram with the integrate or auto-integrate commands modifying the calibration table The application of manual integration events is different in the interactive data analysis view and in the batch review. The views are discussed separately in the next two sections: The interactive review in ChemStation Data Analysis View on page 35 The batch review window for reprocessing of an entire batch of data in ChemStation Batch Review on page 37 ChemStation Data Analysis View The ChemStation Plus data analysis view is designed for advanced review of individual data files, for example, during the development of a new method or for comprehensive review of 3-dimensional UV and MS spectra. The interactive data review is not ideal for reprocessing of a batch of data files. Figure 12 ChemStation Plus Interactive Data Analysis View With ChemStation Manager Access Level ChemStation Security Pack User s Guide 35

36 3 A Brief Tour Data Transfer from ChemStation All tasks that apply to an entire batch or a user-defined list of runs - like applying new integration events or up-dated calibration settings - can be reprocessed more conveniently in the batch review or by reprocessing a complete sequence. Therefore, the standard data analysis view is not designed being the default data review window with the ChemStation Plus Security Pack. In addition, if the data storage is configured as recommended in Storage of Data on page 31 no data will be available on the hard disk any longer for loading into the data review. The data files are deleted immediately after the transfer to the database. Users that want to analyze data through the data analysis run-based review have to restore each raw data file individually to the local hard disk from the run information screen in ChemStore. See also Transferring Data to ChemStation from the Run Information Interface of ChemStore on page 63. It is recommended to create a dedicated reload folder to avoid interference with currently acquired data files. Data Traceability and Versioning in the Interactive Data Analysis View The data review functions of the data analysis view of the ChemStation Plus are restricted to the ChemStation manager user level because the data versioning in this view does not cover the manual integration of a chromatogram. ChemStation operators in the data analysis view can only execute a pre-defined method or print a report. ChemStation operators cannot recalibrate or change the integration in this view. The ChemStation operator must use the batch review interface for recalibration and reintegration of chromatograms. What is different in the data analysis view compared to the batch review for manual integration? The manual integration events are not stored with the run The peak table is updated immediately after the manual event was finished The application does not detect changed peak parameter and therefore does not transfer data to the database even if new results were calculated. If the user wants to store the latest results in the database, the manual integration events must be copied to the method and a manual data transfer must be initialized. 36 ChemStation Security Pack User s Guide

37 A Brief Tour 3 Data Transfer from ChemStation ChemStation Batch Review Data Traceability and Versioning in Batch Review Batch review is the default view for reanalyzing data. It can be used for reprocessing the latest ChemStation sequence and for all runs that are submitted from the ChemStore C/S database for reanalysis. In the batch review also the ChemStation operator can reintegrate and recalibrate runs. Batch review also allows the review of a list of runs in one window. Users can step through runs and calculate new results both automatically and interactively. Figure 13 Batch Review Interface in ChemStation Versioning in Batch Review For a detailed overview of the modifications of the batch review compared to the standard ChemStation Plus batch review operation, see Changes to Batch Mode on page 54. This section focusses on the data transfer from the batch review to the Chemstore C/S database. ChemStation Security Pack User s Guide 37

38 3 A Brief Tour Data Transfer from ChemStation The batch review includes a fully automated data versioning covering also the manual integration events. In the batch review, the manual events that were applied to a chromatogram are stored along with the chromatogram. In order to avoid the storage of preliminary results, the result creation is split in the graphical rework of a chromatographic data file and the result calculation. During the graphical rework of chromatograms and data files i.e. during drawing of a manual baseline, the peak table will not show the new results immediately like it does in the interactive data analysis. The peak table is locked until the calculation is actively performed and it includes a small info button that explains the different operation mode of the batch review in the ChemStation plus Security Pack batch review. The result calculation is a separate step graphical data review does not create a result. Figure 14 Peak Table Lock in the Batch Review As soon as the user calculates the result by pressing the calculate button, the new results are calculated and they are compared with the last results that were stored. If there is any deviation, the data are transferred to the database creating a new result version. Manual integration events are typically not stored with the method. In order to track these changes along with the other modifications the ChemStation plus Security Pack writes all changes including manual integration events to a text file that is stored along with the raw data in the *.d subdirectory of the ChemStation. 38 ChemStation Security Pack User s Guide

39 A Brief Tour 3 Data Transfer from ChemStation The manual integration events are also transferred to the ChemStore run audit-trail. They can be reviewed with manual integration details button in the ChemStore audit-trail. This information can be re-used for a later recreation of the manual events i.e. in an audit situation. Figure 15 Review of Manual Integration Events in the ChemStore Audit Trail ChemStation Security Pack User s Guide 39

40 3 A Brief Tour Data Transfer from ChemStation In addition, the application prompts the user for a comment to document the reason for the last change. The comment is documented in the ChemStore audit trail comment field along with a pointer to the text file for the proper identification of the changed events. Figure 16 Result Comment after Manual Reintegration in Batch Review 40 ChemStation Security Pack User s Guide

41 A Brief Tour 3 Data Transfer from ChemStation Overview of Data Transfer from ChemStation to ChemStore C/S Database Any data that has been selected to be saved along with the results (chromatograms, spectra or raw data, method and sequence files in the client/server version) is transferred along with the analysis results. If configured in the study setups, the Security Pack deletes the raw data locally after the transfer to the database was performed successfully. The local delete process is controlled by a separate application, the ChemStore C/S ODBC spooler. Figure 17 ODBC spooler (User interface) The spooler application handles the transfer to the server and makes sure that all data is integrated and stored in the database tables. This check for complete data transfer to the server database is mandatory to enable the delete process of the raw data on the local drive. The entire data transfer is documented in the sequence log book and in the ChemStore C/S audit trail. The spooler also controls and secures the data transfer from ChemStation to the ChemStation Plus database. In case of transfer problems or network trouble, the spooler pauses or stops the transfer after a certain time limit. After a spooler pause or spooler stop, the user can display the error and resume the data transfer in the spooler application after the error correction. ChemStation Security Pack User s Guide 41

42 3 A Brief Tour Data Transfer from ChemStation Members of the Windows user groups Power Users and Administrators can delete spooler jobs in addition to the review and resume function of system users. In case a spooler job is deleted, an entry in the Windows operating system security log is generated. NOTE The spooler access for deleting spooler jobs is limited to members of the operating systems Power Users and Administrator groups. Figure 18 ODBC Spooler (administrator interface) This data transfer processing allows users to store all data in one central place while preventing any data loss and documenting each transfer step. To process your data further, ChemStore C/S allows you to export information to MS Excel, or to print reports to a file in *.html, *.xml or *.csv format. The data export to file is checksum protected to ensure the identity of original data and exported copy. You can also export the data to the Windows Clipboard for use in other Windows applications. 42 ChemStation Security Pack User s Guide

43 A Brief Tour 3 Retrieval of Raw and Meta Data in ChemStation Batch Review Retrieval of Raw and Meta Data in ChemStation Batch Review The data storage application is the ChemStore C/S database. Following the default study setup, the ChemStore C/S ODBC spooler transfers all data to the central database and deletes the new data from the default hpchem data directories. In order to re-analyze runs in the ChemStation, the user must transfer data from the Database Review Client back to the local hard disk drive. The raw data files will be removed from the client computer after retransfer. The data transfer from the result management is a four step process. The first step is querying the database. A query is a request to retrieve a set of runs from the many thousands of runs your database comprises that matches certain criteria. Start the ChemStation and select View > Database Review Client. Select from the ChemStore C/S Database Review Client and run a query. The query retrieves the results and data information in order to review and approve data. If you need to re-analyze or reprocess your raw and meta data, the data must be transferred back into the Data Analysis view of the ChemStation. There are two ways to transfer data from ChemStore C/S to the ChemStation: 1 Transferring data from ChemStore C/S to the batch review of the ChemStation (default and recommended transfer), see Transferring Data from ChemStore to Batch Review of ChemStation on page Transferring data from the run information interface of ChemStore C/S to the ChemStation, see Transferring Data to ChemStation from the Run Information Interface of ChemStore on page 63. ChemStation Security Pack User s Guide 43

44 3 A Brief Tour Audit Trails Audit Trails All activities associated with each sample are documented in audit trails which track all changes that are made to a run from data acquisition over re-analysis to long-term archiving. Each sample has an audit trail which is maintained separately from the sample data. The audit trail is archived separately from the run, so that archiving and de-archiving activities can be added to the audit trail; the link to the audit trail is maintained, even when the run is archived. The audit trail for any run can be displayed. It contains a table showing information about each change in the status or the value of a custom field for the run. For manual re-integration events check the details of the re-integration with the Man. Integ. Details button. It will open an additional window with all manual integration details for the selected run version if the database query was executed based on all versions. Figure 19 Audit Trail 44 ChemStation Security Pack User s Guide

45 A Brief Tour 3 Audit Trails The storage of modification time and processing time in local time (calculated and documented with the difference to GMT) also indicates when a change took place. The processing time documents the time of the data transfer from the application to the database, the modification time documents the time the audit trail generating activity was performed. In addition the two time stamps immediately reveal a deviation of data modification and data transfer showing a review activity of the individual run version. The audit trail information can be printed directly from the table or individually configured in complete reports for a set of runs. Some questions, particularly those at the administrative level of the application, cannot be answered by the run-related audit-trail. All interactions that affect the security of the database and the application are tracked and documented in the database logbook. ChemStore can also be configured to send a notification by in case an account gets locked by repeated use of an improper password. See chapter notification in the ChemStore Concepts Guide for details of how to set up this service. The log book entries can be displayed in a table. Figure 20 Database Log book ChemStation Security Pack User s Guide 45

46 3 A Brief Tour Audit Trails With this database log book and the current list of authorized users and their permissions, the application can be checked for its security status for the full record retention time. In an audit situation, a user is now able to proof the ongoing secure status of the data plus the short periods of insecurity when a user with administrative capabilities was logged on to the system. As an example, one user had logged on to the system and had access to sensitive activities like archiving/deleting data. In a review situation, the responsible operator could prove that, except from this time line, the full application was secure by: showing the list of current permission rights in the user administration screen of ChemStore C/S. querying the database log book session Reason for entry for Permission right changed. This combination of current status documentation and a query for backwards changes reveal all user rights and changes for the entire database lifetime. The documentation of the data acquisition is stored in the instrument and sequence log book as well as in the run-specific run log books. Figure 21 Instrument and Sequence Log book 46 ChemStation Security Pack User s Guide

47 A Brief Tour 3 Automated Data Versioning Automated Data Versioning Daily work quite often requires more than one analysis copy of results. The FDA rules require storing all reanalysis data as versions together with the original raw data and results. The implementation in Security Pack first needs to uniquely identify the initial run version in the database. To define the initial run version, it uses a combination of injection time in local time using the local time zone settings of the computer operation system and the unique injection ID. Following this definition, all reprocessing copies or reanalyzed versions of the initial run are linked together, offering a complete history of final results with all intermediate steps and results. This versioning is user independent, computer generated and documented in the audit trail. To ensure the full versioning, the ChemStation also must identify each new result automatically send the new result data to the database whenever a new result is created The implementation therefore stores the numeric results in a registry file sec_save.reg. The registry file is stored with the data. Each new result version has a different registry file. Prior to creating a new result version, the system compares the current results with the data stored in the registry file. As soon as it detects a deviation, a new result version is stored in the database. For a full traceability of the modified results, the difference between the result versions are documented in a text file sec_trac.txt stored in the *.d subdirectory of the raw data. The storage management of the database minimizes the file size by limiting the result storage to the delta values. Figure 22 New files for Full Audit trail in the Raw Data Subdirectory ChemStation Security Pack User s Guide 47

48 3 A Brief Tour Automated Data Versioning Documentation of Versioning In addition, the FDA regulations require a documentation of the person performing the changes as well as a time-stamp of the reprocessing. This information is automatically transferred with the new entry in the database; the change person ID is obtained from the log-in and is documented with the person s display name. The time stamp is automatically generated from the time setting of the PC (for the standalone version) or the server (for the client/server version). Retrieval of Result Versions in ChemStore C/S Database When you set up a query for data retrieval in the ChemStore C/S database, you can choose to retrieve either all versions of the run or only the latest version. When all versions of the run are displayed, the Audit column of the Run List shows the version number of the run: 1 is the oldest version, 2 the next oldest; the run marked with + is the latest version. If only the latest version of the run is displayed, a star * in the Audit column of the run list denotes that multiple versions of the run exist in the database. Figure 23 Retrieval of Versions Security Pack does not allow to delete non-archived data. To delete data, the user must first be granted the privilege to archive and delete data. In case of a standalone system, the user can archive and delete data by copying and archiving the complete *.mdb file and creating a new *.mdb copy through the ChemStore utility. 48 ChemStation Security Pack User s Guide

49 A Brief Tour 3 Automated Data Versioning For more details on managing standalone MS Access databases, please refer to the "ChemStore C/S concepts guide", Section Backing up your local access database". Data can only be deleted in the Client/Server Oracle based ChemStore C/S product and must have been archived prior to deleting from the database. The entire data transfer is documented in the database log book and the audit trail. The database log book denotes the transfer initialization, the audit trail documents the completion of the transfer, including the processing time-stamp. ChemStation Security Pack User s Guide 49

50 3 A Brief Tour Automated Data Versioning 50 ChemStation Security Pack User s Guide

51 Agilent ChemStation Security Pack for AD, GC, LC, CE, LC-MSD, and CE-MSD User s Guide 4 Access Level and Batch Review Interface Changes Changes to ChemStation Operator Level 52 Changes to Batch Mode 54 Agilent Technologies 51

52 4 Access Level and Batch Review Interface Changes Changes to ChemStation Operator Level Changes to ChemStation Operator Level In order to limit operators data access and to track modifications, the Security Pack modifies the ChemStation operator mode significantly for the data review privileges. The standalone ChemStation mode does not allow the operator to perform any interactive reanalysis activities because these activities can t be traced. The Security Pack modifies the data analysis tasks to store all individual run modifications with the run. store all method versions with their current settings in the database. NOTE To access these features, the batch mode of the Data Analysis view must be used. In the batch mode, the ChemStation operator is allowed to apply manual integration events. He is also allowed to open the integration user interface to change the global integration settings of the method. Table 2 Shows the modifications to ChemStation operator level compared with the user rights of a standard ChemStation operator. Table 2 User Task Modifications to ChemStation operator level ChemStation Security Pack Operator Standard ChemStation Operator Save acquisition method No No Save data analysis method Yes No Load/Save sequence Yes Yes Modify acquisition parameter Yes Yes Reintegrate automatically Yes No Reintegrate manually Yes, only in batch review No Change integration events Yes, only in batch review No Recalibrate overview and peak summing Yes No 52 ChemStation Security Pack User s Guide

53 Access Level and Batch Review Interface Changes 4 Changes to ChemStation Operator Level Table 2 Modifications to ChemStation operator level (continued) User Task ChemStation Security Pack Operator Standard ChemStation Operator Recalibrate other No No Apply method to data and print report User-independent automated result versioning Access to tasks with manual result versioning Yes Yes No Yes n/a No ChemStation Security Pack User s Guide 53

54 4 Access Level and Batch Review Interface Changes Changes to Batch Mode Changes to Batch Mode When re-integrating a chromatogram in the standard ChemStation, the peak results table is updated at the same time as the display of the baseline, retention time and compound name in the chromatogram. The ChemStation Plus Security Pack operates differently. The Security Pack splits the re-analysis task in two steps. The first one allows to perform a graphical review of a set of runs (step through runs) and to work with manual integration events for each compound in a run without generating new results. The second step is the result calculation including an automated data versioning. The result calculation can either be initialized with a separate button or by clicking run by run or automatically stepping through the full list of runs. The button is added to the manual integration events toolbar. Calculating a new result will start the comparison with the last results in the sec_save.reg file and in case of a difference, transfer the data to the database. This mechanism allows constructing the baseline for multiple peaks without transferring data with every change. In batch processing the new baseline is stored with the signal and hence individual to the signal, while in the interactive data analysis it is stored with the method. The signal is added to the raw data file and it might be stored in ChemStore C/S as part of the raw data file. In the case of manual integration in the interactive data analysis, the manual integration events are stored in an extended method file. In the security mode of the ChemStation plus, all changes are saved automatically with the chromatogram. In case a user wants to disregard the manual integration events prior to calculating the new result, he has to reapply the last -saved settings by executing the integrate command from the integration menu. The transfer of the results to the database is performed after a valid comment is given by selecting one of the predefined comments with a check mark or by typing an individual comment in the text field.the free comment must have at least 5 characters, if no predefined comment has been check marked. 54 ChemStation Security Pack User s Guide

55 Access Level and Batch Review Interface Changes 4 Changes to Batch Mode If the batch was loaded from a disk, all runs are calculated and transferred when leaving the batch processing mode. Also, in case the user prints a report of a selected run or creates integration results, the data will be transferred immediately. The data files and the method used by the batch review are loaded into a write-only directory, preventing operators to make unauthorized copies of those files. This directory stores under the "data" directory of the ChemStation session and is named Chemstor. Example for this directory: C:\ hpchem\1\data\chemstor If configured to delete raw data, the files are deleted as soon as the user leaves the batch processing mode or loads a new batch. For reasons of security, it isn t possible to load a signal as long as the batch mode is active. Therefore the Load Signal option in the File menu is disabled. However, the ChemStation software allows overlaying multiple chromatograms of selected runs within the loaded batch. Re-integration and result generation are not possible, as standard reports cannot be generated across multiple runs. ChemStation Security Pack User s Guide 55

56 4 Access Level and Batch Review Interface Changes Changes to Batch Mode 56 ChemStation Security Pack User s Guide

57 Agilent ChemStation Security Pack for AD, GC, LC, CE, LC-MSD, and CE-MSD User s Guide 5 Data Reanalysis Transferring Data from ChemStore to Batch Review of ChemStation 58 Transferring Data to ChemStation from the Run Information Interface of ChemStore 63 Integration 67 Recalibration 70 Agilent Technologies 57

58 5 Data Reanalysis Transferring Data from ChemStore to Batch Review of ChemStation Transferring Data from ChemStore to Batch Review of ChemStation The default setup of Security Pack deletes the raw data from the local PCs after the transfer to the database. In order to re-analyze this data, raw data must be transferred back to the local ChemStation PC. The application transfers the data from the database to the ChemStation batch review. Batch review is a mode of data analysis that allows you to do a first-pass review of a batch of samples quickly and easily. You can manually modify the chromatograms and save the modifications for later use. You can also print reports of the batch results. NOTE The setup of runs for reprocessing is a ChemStore C/S user privilege that must be granted. Transfer of data from ChemStore C/S to the ChemStation takes place in two stages. First you set up a batch in ChemStore C/S, and then you load the batch in the ChemStation. NOTE During data transfer from the database to the local hard disk, the application performs a checksum re-calculation. It checks if the hash values are identical. Any mismatch is reported as an error with the message: "Hash values are different." Setting up a Batch You can review data and mark it for transfer to the ChemStation in any of the Sample layouts or in Compound graphics layout. For more details on the batch transfer, see Agilent ChemStore C/S Concepts Guide. 1 In the ChemStore C/S review client, select a run from the Run List (Sample layouts) or the Summary Results Table (Compound graphics layout). 2 Check the Batch box at the bottom of the table. You can also select Review > Mark Run For > Batch Processing or Batch Processing from the Run List popup menu (right mouse button) to mark a run. To mark all runs for batch processing, select Review > Mark Run For > All For Batch Processing, or All For 58 ChemStation Security Pack User s Guide

59 Data Reanalysis 5 Transferring Data from ChemStore to Batch Review of ChemStation Batch Processing from the Run List popup menu (right mouse button). To remove the batch processing marks from all runs, select Review > Mark Run For > None For Batch Processing or None For Batch Processing from the Run List popup menu. 3 After marking the run(s), select or Review > Create Batch. The Create new batch dialog box appears. Figure 24 Create new batch Dialog Box 4 Select the name of the run you wish to be included in the batch in the left panel and choose the forward arrow. To remove a run from the batch, select its name in the right panel and choose the back arrow. 5 Choose the Method option in the Used method group and select a method from the list to be saved with the batch. To specify that no method is saved, ChemStation Security Pack User s Guide 59

60 5 Data Reanalysis Transferring Data from ChemStore to Batch Review of ChemStation choose the None option in the Used method group; the ChemStation operator must then use a suitable method for processing. 6 Choose the All users option to ensure that all users of ChemStore get notification of a pending batch. To ensure that a single user gets notification of a pending batch, choose the User option and choose the down arrow to select the user s name from the list. 7 Type a comment in the Comment field to add information about the batch. Choose the Submit batch button to prepare the batch for access by the ChemStation. Loading a Batch Batches created in ChemStore C/S can be loaded into the ChemStation for reprocessing or other handling. Loading a Batch from ChemStore C/S 1 Select Batch > Load Batch > ChemStore. The Load Batch from ChemStore database dialog box appears where you can select a batch submitted from ChemStore by clicking to the left of the line, where the cursor changes to a black arrow. Figure 25 Load Batch Dialog Box 2 Choose the Load Batch button to start loading the runs from ChemStore C/S into the Batch Review of the ChemStation. 60 ChemStation Security Pack User s Guide

61 Data Reanalysis 5 Transferring Data from ChemStore to Batch Review of ChemStation If the Files for batch missing dialog box is displayed, listing the files that can not be found in their original locations, copy or move the files back to their original locations, then choose Continue to load the complete batch, or choose Continue to load only those files that have been found in their original locations, or choose Abort to abort the loading of all files. Loading a Batch from Disk Batches can also be loaded from the local hard disk in case the user decided to disable the delete raw data after transfer button in the ChemStore study set-up (intending to keep the raw data on the local hard disk until first pass review has been completed). NOTE Agilent recommends to keep the ChemStore study functionality delete raw data after transfer enabled. Otherwise data management and data integrity gets more complicated by having identical analytical data in two locations. ChemStation Security Pack User s Guide 61

62 5 Data Reanalysis Transferring Data from ChemStore to Batch Review of ChemStation 1 Select Batch > Load Batch > Disk. The Load Batch dialog box appears. Figure 26 Load batch from disk Dialog Box 2 Select the batch you want to load from the list by clicking on the name in the File name list box. 3 Click OK. NOTE All raw data files that have been analyzed will be deleted from the local disk after closing the batch window. In order to reprocess data that is transferred to the database, these data has to be sent from ChemStore C/S to the ChemStation. 62 ChemStation Security Pack User s Guide

63 Data Reanalysis 5 Transferring Data to ChemStation from the Run Information Interface of ChemStore Transferring Data to ChemStation from the Run Information Interface of ChemStore You can also choose to reload any or all files saved with a run or a complete sequence interactively from the Run information dialog box. Reloading a run 1 Select a run from the Run List. 2 Select. The Run information dialog box appears. Figure 27 Run information Dialog Box ChemStation Security Pack User s Guide 63

64 5 Data Reanalysis Transferring Data to ChemStation from the Run Information Interface of ChemStore 3 Click the Reload raw data button. A dialog box appears. Figure 28 Reload Raw Data file Dialog Box 4 Enter a path. 5 Click OK. 64 ChemStation Security Pack User s Guide

65 Data Reanalysis 5 Transferring Data to ChemStation from the Run Information Interface of ChemStore Reloading a Sequence 1 Execute a query based on all versions and select a version 1 run from the Run List. 2 Select. The Run information dialog box appears. 3 Choose the Reload all files... button. If the sequence file exists at the destination path you can choose to overwrite the existing sequence or not. It is recommended to overwrite the existing sequence, thus ensuring the same sequence parameters. 4 Figure 29 Data directories Dialog Box 5 The destination path for the raw data should be empty, since the reload function does not allow to overwrite existing data. The original full path can be copied by using the Ctrl+C and Ctrl+V short keys. 6 Click OK. ChemStation Security Pack User s Guide 65

66 5 Data Reanalysis Transferring Data to ChemStation from the Run Information Interface of ChemStore 7 If the Overwrite existing method files dialog box appears, check the Overwrite boxes for the you wish to overwrite with method from the database and click OK. Figure 30 Overwrite existing method files Dialog Box 8 When the task is complete, a Summary appears.. Figure 31 Summary 66 ChemStation Security Pack User s Guide

67 Data Reanalysis 5 Integration Integration This section will focus on the integration using the batch review. For integration using the interactive Data Analysis view of the ChemStation, please refer to the Understanding the ChemStation manual. Integrating a Signal Automatically 1 Select Batch > Load Batch > ChemStore. The Load Batch from ChemStore database dialog box appears. Figure 32 Load Batch Dialog Box 2 Select the button Load Batch... mind the comment. 3 The batch review task starts with the application of a method to a run. The method usually is transferred along with the batch from the ChemStore C/S database. If the batch was submitted without a method, the application will ask you to load a local method. 4 Click either the manual integration events or Select. ChemStation Security Pack User s Guide 67

68 5 Data Reanalysis Integration 5 Select Integration > Integration Events or. Figure 33 Integration Events 6 Enter the integration events to be used by the integrator. 7 If you wish to apply the events to re-integrate a list of samples from the batch, click. The software will step through the runs and re-integrate file after file until the batch is done or the operator stops the automated review. 68 ChemStation Security Pack User s Guide

69 Data Reanalysis 5 Integration Integrating a Signal Manually 1 Select Batch > Load Batch > ChemStore. 2 Select the batch to be loaded. 3 Select Integrate to integrate the signal using the initial values specified in the integration events table of the current method. 4 Select Integration from the menu to specify a manual integration action. All functions described below are also accessible from the Status toolbar. a Select Draw Baseline to define a baseline. b c d e Click and hold down your mouse button at one end of the baseline. Then, drag your mouse to the other end and release the button. Select Negative Peak(s) to define a baseline for negative peaks. Click and hold down your mouse button at one end of the baseline. Then, drag your mouse to the other end and release the button. Select Tangent Skim to define a tangent. Click and hold down your mouse button at one end of the tangent. Then, drag your mouse to the other end and release the button. Select Split Peaks to specify a drop line. Point to the place along the x-axis where you want the drop line and click your mouse button to integrate the signal. Select Delete Peak(s) to draw a box around the peak you want to delete. Click and hold down your mouse button at one corner of the box. Then, drag your mouse to the opposite corner and release the button. 5 If you are satisfied with the baseline position, continue with the next run or display the integration results. Both actions will trigger spooling of the new results to the database. If you are not satisfied with the baseline position reintegrate the signal. No run version will be spooled until as long as no new results are displayed. ChemStation Security Pack User s Guide 69

70 5 Data Reanalysis Recalibration Recalibration For a recalibration using the bracketed calculation mode, you have to restore the sequence and re-run the sequence as a data analysis only sequence. As an alternative, all brackets can be re-calibrate in batch mode if they are set-up as individual batches. If you do not want to use a bracketing mode for calibration, the recalibration can be performed through the batch review. The batch review allows to recalibrate using an averaged result of all calibration runs or using individual run-based changes. 1 Load a batch in the ChemStation. 2 If you want to update the calibration table, use the standard calibration tools of the ChemStation. 3 After finishing the modifications on the run and/or in the calibration table, click. This will update the calibration table using the calibration samples in the batch. 4 5 To reprocess the data and to get new results with the up-dated calibration table, start the automated step through runs with. The square brackets [] around compound results indicate results not generated by the current calibration. The brackets will be removed automatically when a new and different result using the current calibration is generated. 70 ChemStation Security Pack User s Guide

71 Agilent ChemStation Security Pack for AD, GC, LC, CE, LC-MSD, and CE-MSD User s Guide 6 Administrator Tasks and Reference Introduction 72 Tasks requiring a ChemStore C/S permission 74 Tasks for operating systems administrators 78 Agilent Technologies 71

72 6 Administrator Tasks and Reference Introduction Introduction To keep track of actions that might affect data integrity in a ChemStore C/S system, certain tasks require to be logged on to the computer as a member of the Windows user Administrators. Permissions to Chromatographic tasks like data acquisition and data review are administered within ChemStore C/S. Agilent does not recommend to perform routine work like review chromatographic data or acquiring data when logged on as a member of the Windows user Administrators. All users that use the ChemStation Plus system must be members of the local Windows user group users. Otherwise the global group, they belong to, must be a member of the local Windows 2000 group users. Within a Windows multi domain environment a trust relationship is not sufficient. Each global domain user group has to be explicitly included in the local Windows 2000/XP group users. Table 3 lists common administrative tasks and their respective ChemStation, ChemStore and Windows 2000 /XP settings required. Table 3 Administrative Tasks Administrative task Membership in NT group Administrators required ChemStore C/S permission required ChemStation manager access level required Running instruments No No No Reanalysis of data No No No Modifying ChemStation sequences (Study, custom field values, samples) No No No Modifying ChemStation methods No No Yes Resume database spooler No No No Deleting spooler jobs Yes No No Creating a new ChemStore C/S users No Administer users No Assign user settings to users No Administer user settings No Select database connection Yes No No 72 ChemStation Security Pack User s Guide

73 Administrator Tasks and Reference 6 Introduction Table 3 Administrative Tasks (continued) Administrative task Membership in NT group Administrators required ChemStore C/S permission required ChemStation manager access level required Data archiving (MS Access DB) Yes No No Data archiving (Oracle DB) No Archive / Dearchive runs No Creating new database (MS Access only) Yes No No Creating new database from template (MS Access only) Yes Create database No ChemStation Security Pack User s Guide 73

74 6 Administrator Tasks and Reference Tasks requiring a ChemStore C/S permission Tasks requiring a ChemStore C/S permission The Administer users permission in the ChemStore C/S user administration is the key privilege in managing user rights and user roles in Security Pack. It allows creating a new user with specific permissions, change the permissions or reset the password for an existing user. Creating a new user 1 Select Administration / Administer Users... 2 The Administer Users dialog box appears. 74 ChemStation Security Pack User s Guide

75 Administrator Tasks and Reference 6 Tasks requiring a ChemStore C/S permission Figure 34 Administer Users Dialog Box NOTE Method Validation Permissions are available only if Method Validation Pack Add-on is installed. ChemStation Security Pack User s Guide 75

76 6 Administrator Tasks and Reference Tasks requiring a ChemStore C/S permission 3 Choose the Create new user button. The Create user dialog box appears. Figure 35 Create user Dialog Box 4 Enter a Login name and a Display name. 5 Click OK. 6 Select permissions for this user from the Individual permissions panel and transfer them to the Permissions granted panel by using the forward arrow or grant standard sets of permissions by using the buttons below the Individual permissions panel. 7 Choose to set this user as a ChemStation Operator or as a ChemStation Manager.. 8 Click OK. 76 ChemStation Security Pack User s Guide

77 Administrator Tasks and Reference 6 Tasks requiring a ChemStore C/S permission Modifying an Existing User Profile 1 Select Administration > Administer Users. The Administer Users dialog box appears. 2 Select the user you want to modify from the User list. 3 Add or remove permissions. To add permissions, select them from the Individual permissions panel and transfer them to the Permissions granted panel using the forward arrow. To remove permissions, select them from the Permissions granted panel and transfer them back to the Individual permissions panel by using the back arrow. 4 Choose to set this user as a ChemStation Operator or as a ChemStation. 5 Click OK. ChemStation Security Pack User s Guide 77

78 6 Administrator Tasks and Reference Tasks for operating systems administrators Tasks for operating systems administrators These tasks can only be performed when you log on to Windows as a member of the Windows Operating system user Administrators. Some tasks additionally require a ChemStore C/S permission. Configuration of the DB Size Security Service The size limit for a Microsoft Access database is 1 GByte. Therefore it is highly recommended not to exceed a size of 850 MBytes for the database. This ensures that sufficient space is left in the database to allow further reprocessing of the data already contained in the database. When a size of Mbytes is reached the software will display a warning message during log-on to notify user, that it is approaching the size limitas this message is displayed a new Access database should be created using the ChemStore utility. Only a member of the Windows user Administrators able to configure the warning limits of the service and create a new Access database and assign the new database connection. For details on how to configure the size security service please refer to the ChemStore Concepts Guide. For details on how to create a new Access database please refer to Creating New Databases in the Standalone Version on page ChemStation Security Pack User s Guide

79 Administrator Tasks and Reference 6 Tasks for operating systems administrators Assigning a Database Connection Only members of the Windows user Administrators can change the database connection. All other users can only log on to the database currently selected. To change the database connection do the following: 1 Log-on to Windows as a user that is a member of the Windows user Administrators 2 Select Programs > ChemStore CS > ChemStore Review Client from the Windows Start menu. 3 Figure 36 Select New Database Connection ChemStation Security Pack User s Guide 79

80 6 Administrator Tasks and Reference Tasks for operating systems administrators Figure 37 Selecting a new database 4 Either select the appropriate database alias from the list or, in the case of a new database, select Browse and point to the new *.mdb file to create a new database alias in the list. 5 In the Set as default group, a Mark the for this session check box to specify that the selected database is the default for this instrument or application only. Windows users logging on to this instrument or application without Power User or Administrator permissions must use the specified database. This option should be used i b Mark the for all sessions check box to specify that the selected database is the default for all instruments and applications on this work station. Windows users logging on to any instrument or application without Power User or Administrator permissions must use the specified database. 6 ct OK to make the selection active. 7 You can now select Cancel to not start the ChemStore C/S review client and log on as a member of the Windows user group users. 80 ChemStation Security Pack User s Guide

81 Administrator Tasks and Reference 6 Tasks for operating systems administrators Creating New Databases in the Standalone Version The ChemStore C/S Utility is used to create a new MS Access database in case the previous database has reached its size limit and/or has been archived onto a storage media. It can only be used by members of the Windows user Administrators. CAUTION To retain user settings, report templates, filters, queries, user interface settings, and customized settings, the last used database can be used as a template for the new database. To import settings from another database, you must log-on the template database as a user with the ChemStore C/S Permission Administer users in the template database. NOTE Password settings like minimum password length and account lock out will not be transferred to the new database. 1 Log-on to Windows as a user that is a member of the Windows user Administrators. 2 Select Programs > ChemStore CS > ChemStore Utility from the Windows Start menu. 3 Select File -> Create Access Database. The Create a new ChemStore B.03 database dialog box appears. ChemStation Security Pack User s Guide 81

82 6 Administrator Tasks and Reference Tasks for operating systems administrators Figure 38 Create new MS Access database 4 Choose the Browse button 5 The Save As dialog box appears. 6 Enter a database name in the File name text box. 7 Choose the Save button. 8 Choose the Logon button if you want to import settings from a template database. 9 Select the database alias that should be used as a template. 10 Type in name and password of a user with. 11 Choose the Create button. 12 You can close the ChemStore C/S Utility once the database creation is successfully finished. If users should use this database now, you need to connect to the new database as outlined in Assigning a Database Connection on page ChemStation Security Pack User s Guide

83 Administrator Tasks and Reference 6 Tasks for operating systems administrators Database Backup in the Standalone Version To protect the database from unauthorized manipulation, Windows users that are members of the group users only have special write access to the database directory. Therefore they can not copy the database onto a backup or archive media. To backup or archive the standalone database perform the following steps: 1 Log-on to Windows as a user that is a member of the Windows user groups Administrators. 2 If the database is to be archived, create a new database as described in the section Creating New Databases in the Standalone Version on page 81. To avoid confusion the new database name should be different from the old one. 3 Copy the database file (*.mdb) from hpchem\chemstor\database to the backup or archive media. 4 If the database was archived additionally perform the following steps: a Delete the original database from the hard drive. b c d Select Programs > ChemStore CS > ChemStore Review Client from the Windows Start menu. Select to open the ChemStore C/S: Select Database dialog box. Select the database alias that was archived and click on Delete to delete this alias. e Choose Browse and select the database created in step 2. f Click on Open. g Enter a database alias and select OK. h Select the new database alias and click on OK. i You can now select Cancel to not start the ChemStore C/S review client and log-on as a member of the Windows user group users. Further details about recommended back up procedures can be found in the Agilent ChemStore C/S Concepts Guide. ChemStation Security Pack User s Guide 83

84 6 Administrator Tasks and Reference Tasks for operating systems administrators Event Log File Backup If you are using Security Pack together with a standalone ChemStore C/S installation, it is mandatory not only to perform a regular back up on the database files containing the analysis data, but also the Windows Event log files, showing that no data was deleted or altered. To store the Windows security log on a backup or archive media do the following: 1 Log-on to Windows as a user that is a member of the Windows user group Administrators. 2 Select Settings > Control Panel > Administrative Tools > Event Viewer from the Windows Start menu. 3 Right-click the Security Log. 4 Select the Save As function and type in a file name. Agilent recommends to include the Event log as EVT files in the back up to allow for easy usage later on. 5 Copy the event log file on the backup or archive media. 6 To prevent excessive growth of the event log file, you have the option to clear it. Use this option only after you copied the current event log to an archive media. Select Log > Clear All Events to clear the security event log. Further details about recommended back up procedures can be found in the Agilent ChemStore C/S Concepts Guide. Setting Up Notification The following facility is available on Client/Server systems only. It sends an automatic notification on specific events and needs to be set up by the administrator (or other user with administrator permissions). The events to trigger an automated notification are: locking of an user account due to exceeded number of unsuccessful log-on attempts. submitting a batch for review clearing a password creation of a new user permission modification 84 ChemStation Security Pack User s Guide

85 Administrator Tasks and Reference 6 Tasks for operating systems administrators With the exception of 'notification of batch submission', the notifications should only be sent to administrators to warn about security violations. For details about the set-up, please refer to the ChemStore Concepts Guide. Troubleshooting Spooler Problems Troubleshooting spooler problems splits into two sections: real troubleshooting including deletion of spooler jobs, and spooler resume after error correction. For resuming the spooler after error correction (e.g. a lost network connection or server downtime) members of the user groups Users can resume the spooler and display the error message. Members of the Windows User group users have a modified spooler window for resuming the transfer as shown in Figure 17 on page 41. This menu does not offer to delete spooler jobs or to pause the spooler. Only members of the Windows user Administrators have full access to the database spooler. The database spooler transfers the data to the database and temporarily stores the data. In case of a server or database problem the spooler pauses and needs to be resumed. To resume the spooler or to evaluate error messages from the database spooler do the following: 1 Double-click with the left mouse button on the database spooler icon in the lower right hand corner of the Windows task bar. 2 Check the error message by selecting Show Error and resolve the problem. ChemStation Security Pack User s Guide 85

86 6 Administrator Tasks and Reference Tasks for operating systems administrators Figure 39 Database spooler window for members of the user groups power users and administrators 3 Click on resume to continue the data transfer to the database after the error was corrected. If the spooler data is corrupt and refuses to transfer to the database you can delete the spool entry by selecting the Delete Job(s) button. NOTE If the Delete raw data from file system after transferring to database option is selected in the study setup, the raw data will not be deleted from the file system if the job was deleted from the spooler. Reprocessing with another method indicates whether the problems was caused by the initial method in use. 86 ChemStation Security Pack User s Guide

87 Administrator Tasks and Reference 6 Tasks for operating systems administrators Security Settings To prevent deletion or alteration of data by standard users, the access to crucial directories of the Security Pack is limited to members of the Windows user groups Power Users and Administrators. Agilent does not recommend to change the location, permissions or auditing of these directories. Table 4 shows the required permission settings and Table 5 shows the required auditing settings for Security Pack. Upon installation these settings will be set correctly. In addition it is recommended to activate the auditing function on each local database after creation (For details refer to the Windows help). This triggers more specific information to be entered to the security log file. Table 4 Directory permissions Directory Permissions Comment \hpchem\chemstor\ database \hpchem\chemstor\spool \hpchem\1\data\ chemstor \hpchem\chemstor\ hputil00.exe Administrators (modify) (full control), Power Users (modify) (full control) Users (write+read permissions)(modify) Administrators (modify) (full control), Power Users (modify) (full control) Users (write+read permissions)(modify) Administrators (modify) (full control), Power Users (modify) (full control) Users (full control)(modify) Administrators (full control) Power Users (full control) Used to store the local databases. Not required if used with a ChemStore C/S Oracle server database. Used to store temporary data when transferring data between ChemStation and ChemStore Used to store temporary data when transferring data for a batch re-analysis from ChemStore ChemStation ChemStore C/S Utility for creation of new databases ChemStation Security Pack User s Guide 87

88 6 Administrator Tasks and Reference Tasks for operating systems administrators Table 5 Directory and file auditing Directory Events to Audit Comment \hpchem\chemstor\database Administrators and Power Users: success + failure Logs if database files were deleted by a member of the Administrators group. 88 ChemStation Security Pack User s Guide

89 Index Numerics 21 CFR Part 11, 11 A access database, 12 Administer users, 74 administrative tools, 84 administrator, 71 administrators, 17, 78 all users, 60 alteration of data, 87 archiving, 44 audit traceability, 12 audit trail, 40, 41, 45, 47, 49 audit trails, 44 auditing, 87 B backup, 83, 84 baseline, 38 batch, 52, 54, 60 set-up, 58 batch review, 35, 37, 43, 58 bracketing mode, 70 C calculation mode, 70 checksum, 42, 58 ChemStation, 52 ChemStation operator, 52 ChemStation operators, 36 ChemStore, 60 ChemStore C/S utility, 81 clear all events, 84 clipboard, 42 closed system, 12, 13 compound graphics layout, 58 create access database, 81 create user, 76 D data transfer, 58 data analysis, 54 data integrity, 12 data review, graphical, 38 data security, 12 closed system, 13 open system, 13 data transfer, 34, 41 database, 12 database alias, 80, 82 database connection, 78, 79 database logbook, 45, 49 dearchiving, 44 delete data, 48 delete job, 86 delete peak, 69 deletion of data, 87 directory, 87 directory auditing, 87 directory permissions, 87 display name, 76 domain, 17 domain administrator, 19 domain controller, 19 draw baseline, 69 E electronic record, 11 electronic signature, 11 notification, 84 encryption, 12, 13 event log, 84 event viewer, 84 export, 42 F first-pass review, 58 fraud, 12 G GMT, 45 graphical data review, 38 graphical review, 54 H hackers, 12 hash values, 58 I import settings, 81, 82 injection ID, 47 injection time, 47 instrument logbook, 46 integrate commands, 35 integration, 67 manual, 36 integration events, 68 manual, 38 integration settings, 52 ChemStation Security Pack User s Guide 89

90 Index interactive data analysis, 35 L load batch, 60 load signal, 55 logbook, 46 login name, 76 M manual integration, 36, 38, 52 manual integration events, 67 Microsoft, 12 MS access database, 81 N negative peak, 69 new baseline, 54 new result, 54 new user, 76 notification , 84 NTFS, 16 O ODBC spooler, 41 operating system administrators, 78 operator level, 52 operator mode, 52 operators, 17 Oracle, 12 overwrite existing method files, 66 P password, 12 password settings, 81 PC clock, 18 peak, 38 peak result table, 54 peak table, 36, 38 permission right, 46 person ID, 48 public network system, 13 Q query, 43 R raw data, 12, 43 deletion, 41 reanalysis, 47, 54, 57 reanalyze, 43 reboot, 20 recalibration, 70 registry file, 47 reload all files, 65 raw data, 64 sequence, 65 reloading, 63 reprocess, 43 reprocessing, 48, 58 restore, 36 result calculation, 54 results, 12 retrieval of data, 43 run information, 33, 63 run list, 58 S sample layouts, 58 security pack, 87 security settings, 87 show error, 85 signature, 12 split peaks, 69 spooler, 34, 41, 42, 43 problems, 85 resume, 85 system policy, 18 T tangent skim, 69 task manager, 19 template database, 81, 82 time-stamp, 48, 49 traceability, 36, 37, 47 transfer, 58 transfer data, 43 transfer settings, 34 U used method, 59 user, 60 user administration, 46 user ID, 12 user management, 17 user profile, 17, 19 user profile, modifying, 77 user settings, 81 V validation, 11 versioning, 36, 37, 47, 54 versions, 48 W Windows NT, 16 Windows NT log files, 84 Windows user group concept, 17 Windows user group Administrators, 72 write only, ChemStation Security Pack User s Guide

91

92 In This Book This book describes the Agilent ChemStationSecurity Pack for AD, GC, LC, CE, LC-MSD and CE-MSD techniques. The Security Pack is an add-on module for the Agilent ChemStation and helps you meet the requirements of the U.S. Food and Drug Administration s (FDA) ruling on electronic records and signatures, CFR 21 Part 11. Agilent Technologies Deutschland GmbH 2004 Printed in Germany 03/04 *G * *G * G Agilent Technologies